cve/2025/CVE-2025-10599.md
2025-09-29 21:09:30 +02:00


### [CVE-2025-10599](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10599)
![](https://img.shields.io/static/v1?label=Product&message=Web-Based%20Internet%20Laboratory%20Management%20System&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brightgreen)
### Description
A security flaw has been discovered in itsourcecode Web-Based Internet Laboratory Management System 1.0. It affects the function `User::AuthenticateUser` in the file `login.php`. Manipulating the argument `user_email` results in SQL injection. The attack can be carried out remotely. The exploit has been released to the public and may be used.
### POC
#### Reference
- https://github.com/drew-byte/Web-Based-Internet-Laboratory-Management-System_SQLi-PoC/blob/main/README.md
#### GitHub
No PoCs found on GitHub currently.